use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki.
the class PKCS12Util method importKey.
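/**
 * Imports one private key from a PKCS #12 container into the internal key storage token.
 *
 * The key is matched to its certificate by key ID. A key with no certificate, or a key
 * entry that carries no EncryptedPrivateKeyInfo, is skipped. The certificate is imported
 * temporarily so the NSS key import has the matching public key on the token, and is
 * removed again afterwards (cert only; the key stays) so the caller can import it under
 * the correct nickname.
 *
 * @param pkcs12   parsed PKCS #12 container
 * @param password passphrase protecting the private key
 * @param nickname nickname to store the private key under
 * @param keyInfo  the key entry to import
 * @throws Exception if the key cannot be decrypted or imported, or on token errors
 */
public void importKey(PKCS12 pkcs12, Password password, String nickname, PKCS12KeyInfo keyInfo) throws Exception {
    PKCS12CertInfo certInfo = pkcs12.getCertInfoByKeyID(keyInfo.getID());
    if (certInfo == null) {
        logger.debug("Private key has no certificate, ignore");
        return;
    }

    byte[] epkiBytes = keyInfo.getEncryptedPrivateKeyInfoBytes();
    if (epkiBytes == null) {
        // Nothing to import; returning here prevents a null buffer from reaching the NSS import below.
        logger.debug("No EncryptedPrivateKeyInfo for key '" + keyInfo.getFriendlyName() + "'; skipping key");
        return;
    }

    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken token = cm.getInternalKeyStorageToken();
    PK11Store store = (PK11Store) token.getCryptoStore();

    // Import the certificate temporarily: the key import needs its public key as a token object.
    X509CertImpl certImpl = certInfo.getCert();
    X509Certificate cert = cm.importCACertPackage(certImpl.getEncoded());
    PublicKey publicKey = cert.getPublicKey();

    try {
        try {
            // First try without BMPString-encoding the passphrase.
            store.importEncryptedPrivateKeyInfo(null, password, nickname, publicKey, epkiBytes);
        } catch (Exception first) {
            // If that failed, retry with a BMPString-encoded passphrase. This is required
            // for PKCS #12 PBE schemes and for PKCS #12 files using PBES2 generated by NSS < 3.31.
            try {
                store.importEncryptedPrivateKeyInfo(new PasswordConverter(), password, nickname, publicKey, epkiBytes);
            } catch (Exception second) {
                // Keep the first failure visible for diagnosis instead of discarding it.
                second.addSuppressed(first);
                throw second;
            }
        }
    } finally {
        // Remove the temporary certificate (the key is kept); the caller imports the
        // certificate again with the correct nickname. Doing this in finally also avoids
        // leaving the certificate behind when the key import fails.
        try {
            store.deleteCertOnly(cert);
        } catch (NoSuchItemOnTokenException e) {
            // Already gone; nothing to clean up.
        }
    }
}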
use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki.
the class SigContextProxy method engineInitSign.
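/**
 * Initialises this signature context for signing with the given PKCS #11 private key.
 *
 * Checks, before any state is changed, that the key is non-null, is a
 * {@link PK11PrivKey}, resides on this context's {@code token}, and has the key type
 * implied by {@code algorithm}.
 *
 * @param privateKey the JSS private key to sign with
 * @throws InvalidKeyException if the key is null, not a PKCS #11 key, not present on
 *         this token, or inconsistent with the algorithm
 * @throws TokenException on a token-level failure while initialising the context
 */
@Override
public void engineInitSign(org.mozilla.jss.crypto.PrivateKey privateKey) throws InvalidKeyException, TokenException {
    if (privateKey == null) {
        throw new InvalidKeyException("private key is null");
    }
    if (!(privateKey instanceof PK11PrivKey)) {
        throw new InvalidKeyException("privateKey is not a PKCS #11 " + "private key");
    }
    PK11PrivKey privKey = (PK11PrivKey) privateKey;

    try {
        privKey.verifyKeyIsOnToken(token);
    } catch (NoSuchItemOnTokenException e) {
        // Preserve the original exception as the cause rather than flattening it to a string.
        throw new InvalidKeyException(e.toString(), e);
    }

    try {
        if (KeyType.getKeyTypeFromAlgorithm(algorithm) != privKey.getKeyType()) {
            throw new InvalidKeyException("Key type is inconsistent with algorithm");
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Unknown algorithm: " + algorithm, e);
    }

    // All checks passed: the key is OK.
    key = privKey;

    // Initialise the signature context; when raw is set this step is skipped here.
    if (!raw) {
        sigContext = null;
        initSigContext();
    }

    // Don't set state until we know everything worked.
    state = SIGN;
}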
use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki.
the class SSLClientAuth method generateCerts.
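/**
 * Generates a self-signed CA certificate plus a server and a client certificate signed
 * by it, and imports all three into the NSS database.
 *
 * The CA is marked trusted for SSL (TRUSTED_CA, TRUSTED_CLIENT_CA, VALID_CA). The server
 * and client certificates are stored in {@code nssServerCert} and {@code nssClientCert}
 * under {@code serverCertNick} and {@code clientCertNick}. Any failure prints the stack
 * trace and terminates the JVM with status 1.
 *
 * @param cm        the initialised CryptoManager to import into
 * @param serialNum serial number of the CA certificate; the server and client
 *                  certificates use serialNum + 1 and serialNum + 2, and the CA
 *                  nickname is "SSLCA-" + serialNum
 */
private void generateCerts(CryptoManager cm, int serialNum) {
    // RSA key with default exponent
    final int keyLength = 4096;
    try {
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
        // One initialisation covers all three key pairs; they share the same size.
        kpg.initialize(keyLength);

        // CA certificate: self-signed, with a basicConstraints extension
        KeyPair caPair = kpg.genKeyPair();
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), "SSLCA-" + serialNum);
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // Server certificate, signed with the CA private key
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);

        // Client-auth certificate, signed with the CA private key
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
    } catch (Exception ex) {
        // Every specific type thrown above (encoding, provider, nickname/user-cert
        // conflict, token errors) was handled identically, so one catch replaces the chain.
        ex.printStackTrace();
        System.exit(1);
    }
}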
use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineDeleteEntry.
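/**
 * Deletes the keystore entry stored under {@code alias}.
 *
 * The alias is first treated as a certificate nickname; a matching certificate is
 * removed (cert only) from the token that owns it. Otherwise the alias is split by
 * {@code parseAlias} into an optional token name and a hex-encoded key ID, and the
 * private key with that unique ID is deleted along with its public key when one exists.
 *
 * @param alias certificate nickname, or token/key-ID alias of a private key
 * @throws KeyStoreException if no entry matches, or on any token or initialisation error
 */
@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
    try {
        CryptoManager manager = CryptoManager.getInstance();

        // 1. Certificate entry?
        try {
            logger.debug("JSSKeyStoreSpi: searching for cert");
            X509Certificate cert = manager.findCertByNickname(alias);
            CryptoToken token = (cert instanceof TokenCertificate)
                    ? ((TokenCertificate) cert).getOwningToken()
                    : manager.getInternalKeyStorageToken();
            CryptoStore store = token.getCryptoStore();
            logger.debug("JSSKeyStoreSpi: deleting cert: " + alias);
            store.deleteCertOnly(cert);
            return;
        } catch (ObjectNotFoundException e) {
            logger.debug("JSSKeyStoreSpi: cert not found, searching for key");
        }

        // 2. Private key entry, addressed by optional token name and hex key ID.
        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];
        CryptoToken token = (tokenName == null)
                ? manager.getInternalKeyStorageToken()
                : manager.getTokenByName(tokenName);
        CryptoStore store = token.getCryptoStore();

        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey privateKey : store.getPrivateKeys()) {
            // convert key ID into hexadecimal
            String keyID = Utils.HexEncode(privateKey.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);
            // Compare from the keyID side so a null nickname from parseAlias is a
            // non-match rather than an NPE (assumes HexEncode never returns null).
            if (!keyID.equals(nickname)) {
                continue;
            }

            try {
                logger.debug("JSSKeyStoreSpi: searching for public key: " + nickname);
                PublicKey publicKey = store.findPublicKey(privateKey);
                logger.debug("JSSKeyStoreSpi: deleting public key: " + nickname);
                store.deletePublicKey(publicKey);
            } catch (ObjectNotFoundException e) {
                // A private key without a public key object is legitimate; keep going.
                logger.debug("JSSKeyStoreSpi: public key not found: " + nickname);
            }

            logger.debug("JSSKeyStoreSpi: deleting private key: " + nickname);
            store.deletePrivateKey(privateKey);
            return;
        }

        logger.debug("JSSKeyStoreSpi: entry not found: " + alias);
        throw new KeyStoreException("Entry not found: " + alias);
    } catch (NotInitializedException | NoSuchTokenException | TokenException | NoSuchItemOnTokenException e) {
        // All four are wrapped identically; the cause is preserved.
        throw new KeyStoreException(e);
    }
}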